TLS termination on http and acme stuff is handled by my reverse proxy, which installs the certificate in mailcow following the instructions in here. It used to be an RSA 2048bit cert, but I recently replaced it with an ecdsa p-256 one.
Did I make a mistake? The app works for me, but I am worried about other smtp servers who might try to connect.